zishuo/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2025-10-08 08:50:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
4,719 Commits 7 Branches 66 Tags
ac5ec5e32faad68c3afa55ee5c75d76e91a79948
Commit Graph

72 Commits

Author SHA1 Message Date
Qiang Huang
7695a0ddb0 systemd: support cgroup parent with specified slice 
Pick up #119
Fixes: docker/docker#16681

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
 2015-12-02 23:57:02 -05:00
Alexander Morozov
6c198ae2d0 Reorder checks in Walk to avoid panics 
Also added test for host PID namespace

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
 2015-10-13 15:06:57 -07:00
Vivek Goyal
6a851e1195 exec_test.go: Test case for rootfsPropagation="private" 
A test case to test rootfsPropagation="private" and making sure shared
volumes work.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
 2015-10-01 17:03:02 -04:00
Vivek Goyal
175e4b8aec exec_test.go: Test cases for rootfsPropagation=rslave 
test case to test rootfsPropagation=rslave

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
 2015-10-01 17:03:02 -04:00
Michael Crosby
0dad64f7ad Fix STDIO permissions when container user not root 
Fix the permissions of the container's main processes STDIO when the
process is not run as the root user.  This changes the permissions right
before switching to the specified user so that it's STDIO matches it's
UID and GID.

Add a test for checking that the STDIO of the process is owned by the
specified user.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-09-18 14:11:29 -07:00
Mrunal Patel
859abee0c8 Add CAP prefix for capabilities 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2015-09-15 14:43:03 -04:00
David Calavera
0f28592b35 Turn hook pointers into values. 
Signed-off-by: David Calavera <david.calavera@gmail.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-09-11 11:34:34 -07:00
Michael Crosby
dd969cbacd Add test for function based hooks 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-09-10 18:15:00 -07:00
Mrunal Patel
1dca365393 Add test for prestart hook 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Conflicts:
	libcontainer/integration/exec_test.go
 2015-09-10 17:59:36 -07:00
Alexander Morozov
05b1cda5dd Merge pull request #235 from hqhq/hq_fix_cgroup_test 
Fix cgroup mount tests
 2015-09-01 14:57:44 -07:00
Vishnu Kannan
cc232c4707 Adding oom_score_adj as a container config param. 
Signed-off-by: Vishnu Kannan <vishnuk@google.com>
 2015-08-31 14:02:59 -07:00
Qiang Huang
085f465c00 Fix cgroup mount tests 
I got:
```
exec_test.go:823: Mode expected to contain 'ro,nosuid,nodev,noexec': tmpfs on /sys/fs/cgroup type tmpfs (ro,seclabel,nosuid,nodev,noexec,relatime,mode=755
```wq

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
 2015-08-31 11:23:18 +08:00
Matthew Heon
2ae581ae62 Convert Seccomp support to use Libseccomp 
This removes the existing, native Go seccomp filter generation and replaces it
with Libseccomp. Libseccomp is a C library which provides architecture
independent generation of Seccomp filters for the Linux kernel.

This adds a dependency on v2.2.1 or above of Libseccomp.

Signed-off-by: Matthew Heon <mheon@redhat.com>
 2015-08-13 07:56:27 -04:00
Alexander Morozov
1735ad788f Replace dind with smaller script 
It just mounts /tmp into tmpfs. We need this because criu tests has
problems on overlayfs.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
 2015-07-30 13:23:26 -07:00
Alexander Morozov
d89964eed3 Remount /sys/fs/cgroup as RO if MS_RDONLY was passed in m.Flags 
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
 2015-07-22 11:05:40 -07:00
Mrunal Patel
5b805276c2 Revert "Remount /sys/fs/cgroup as readonly always" 
This reverts commit 18de1a273e.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2015-07-17 17:50:46 -04:00
Alexander Morozov
18de1a273e Remount /sys/fs/cgroup as readonly always 
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
 2015-07-17 12:45:09 -07:00
Alexander Morozov
f6eb19c0d5 Tests for mounting cgroups 
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
 2015-07-15 11:07:03 -07:00
Mrunal Patel
8ea6c65d12 Rename SystemProperties to Sysctl and make it available in the runc config 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2015-07-06 19:18:08 -04:00
Alexander Morozov
5c56d28043 Fix panic in seccomp test on error 
It can happen if newContainer is failed. Now test shows real error from
newContainer instead of trace.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
 2015-06-22 19:26:33 -07:00
Michael Crosby
080df7ab88 Update import paths for new repository 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-06-21 19:29:59 -07:00
Michael Crosby
8f97d39dd2 Move libcontainer into subdirectory 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-06-21 19:29:15 -07:00